BitterRAT

Description

(Forcepoint) BITTER used free dynamic DNS (DDNS) and dedicated server hosting services in order to set up their C2s. The download site where the exploit documents download the RAT binaries is, in most cases, different from the actual RAT C2. However, both of them are typically registered using a Gmail email address and a spoofed identity purporting to be from either the United Kingdom or Great Britain.

Names

Name
BitterRAT
Bitter RAT

Category

Malware

Type

  • Backdoor

Information

Malpedia

Other Information

Uuid

0e7f29c9-7c63-432a-aeb0-441aec1d43e4

Last Card Change

2022-12-28